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(54) Securing feature activation in a telecommunication system 

(57) Periodically sending by a telecommunication 
controlled application an encrypted message to a 
license server to request permission to run and to 
obtain a list of permitted features. The license server 
application is executing on the same processor as the 
controlled application. Also resident on the same sys- 
tem is a license file which contains a list of applications 
that are permitted to run, the version number of the per- 
mitted applications and a list of permitted features. The 
license server is responsive to the encrypted message 
from the controlled application to read and decrypt the 
license file, read the serial number of the processor con- 
trolling the telecommunications system, compare the 
serial number obtained from the processor with the 
serial number stored in the license file. If there is a mis- 
match, no license is granted to the control applications 
and it will not be allowed to run. If the serial numbers 
match, then a comparison is made between the version 
number received from the application and the corre- 
sponding version number associated with the applica- 
tion in the license file. If the version number mis- 
matches, an encrypted message is sent to the applica- 
tion denying it permission to run. If the version number 
matches, an encrypted message is sent to the applica- 
tion granting it permission to run and listing the permit- 
ted features. To decrypt the license file, the license 
server utilizes a key that is assigned to the license 
server either globally or on a per system basis. 



f 12 0 
PC 



r100 



TELECOMMUNICATE SOTTCHffJG SYSTQI 



MEMORY 



f 113 



OPERATING SYSTEM 



f 102 



CONTROL 
PROCESSOR 



LAN 

•110 



f 103 



SWITCHING 
NETWORK 



f 109 



REMOTE 
DATABASE 



rlW 



PUBLIC TELEPHONE 
NETWORK 



FIG. 1 



rIOl 



S f 114 


f 116 


f 117 




CALL 




PASSWORD 




SYSTEM 




CONTROL 




RLE 




APP 



f 106 



MODEM 



f106 



TEL 
SET 



f 107 



TEL 
SET 



Q. 

LU 



Printed by Xerox (UK) Business Services 
2.16.7 (HRS)/3.6 



1 



EP 1 071 253 A1 



2 



Description 
Technical Field 

[0001] This invention relates to the securing of pro- 5 
grams and tables and, in particular, to protecting actua- 
tion of features and software within a 
telecommunication switching system. 

Background of the Invention w 

[0002] Within the prior art, it is well known to sell or 
lease software both from the point of view of the basic 
program and from the features that the program is 
allowed to implement. Normally, each release or version 15 
of a particular software package for a customer premise 
telecommunication switching system contains a large 
number of features; however, the customer chooses 
and pays for only a subset of the total number of fea- 
tures. Features in a telecommunications switching sys- 20 
tern refer to certain specialized operations such as call 
hold, call transfer, automatic route selection, etc. An 
ongoing problem in the art is to prevent newer versions 
of the software from being pirated and used on unau- 
thorized switching system or the customer actuating 25 
features for which the customer has not paid. Within tel- 
ecommunications switching systems in the prior art, 
these problems have been addressed by using pass- 
words that only allow authorized individuals to have 
access to the telecommunication switching system for 30 
enabling features or new software versions. 
[0003] The problem of securing software is a com- 
mon problem throughout the computer industry as well. 
Three methods have been utilized to address this prob- 
lem. One is to distribute the software utilizing a CD-Rom 35 
and to include a key that must be entered to enable the 
software program. This solution does not solve the cop- 
ying problem since the key is normally printed on the 
CD-Rom cover, and anyone can install the software as 
many times as they wish, however illegal it may be. A 40 
second method is to use a special piece of hardware 
that is commonly referred to as "dongle". The dongle is 
a special piece of hardware that connects to the serial 
or parallel port of the computer. The software executing 
on the computer sends a random number to the dongle. 45 
The dongle performs a secret computation and returns 
a result. The software makes a like computation; if the 
two computations match, the software continues to run. 
To work satisfactorily, the response must include feature 
and version information. The use of the dongle is cum- so 
bersome when it fails. If the dongle fails, then the sys- 
tem is down until a new dongle can be physically 
obtained on site. Also, once made, the dongle is fixed. If 
it was used for feature activation, a new dongle is 
required for each additional feature that is purchased. 55 
[0004] A third method (as described in PC Maga- 
zine, p. 35, December, 1 998) is to freely distribute the 
CD-Rom disks. When the CD-Rom is inserted into a 



computer, the computer automatically connects to a 
remote server via the Internet or a dial up connection to 
receive a machine-specific key. The key unlocks the 
software so that it can be utilized on that computer. The 
remote server also obtains the necessary payment 
information from the computer user. The third method 
does not function well for a telecommunication switch- 
ing system since it does not provide for the authoriza- 
tion to use different features of the same software 
application nor is it dependent on the version of the soft- 
ware being requested. In addition, it does not provide 
the necessary authorization of personnel to make such 
a request. 

Summary of the Invention 

[0005] A departure in the art is achieved by an 
apparatus in method where a controlled application, 
such as a telecommunication application, periodically 
sends an encrypted message to a license server to 
request permission to run and to obtain a list of permit- 
ted features. The license server application is executing 
on the same processor as the controlled application. 
Also resident on the same system is a license file which 
contains a list of applications that are permitted to run, 
the version number of the permitted applications and a 
list of permitted features. The license server is respon- 
sive to the encrypted message from the control applica- 
tion to read and decrypt the license file, read the serial 
number of the processor controlling the telecommunica- 
tions system, compare the serial number obtained from 
the processor with the serial number stored in the 
license file, If there is a mis-match, no license is granted 
to the control applications and it will not be allowed to 
run. If the serial numbers match, then a comparison is 
made between the version number received from the 
application and the corresponding version number 
associated with the application in the license file. If the 
version number mis-matches, an encrypted message is 
sent to the application denying it permission to run. If 
the version number matches, an encrypted message is 
sent to the application granting it permission to run and 
listing the permitted features. To decrypt the license file, 
the license server utilizes a key that is assigned to the 
license server either globally or on a per system basis. 
[0006] Other and further aspects of the present 
invention will become apparent in the course of the fol- 
lowing description and by reference to the accompany- 
ing drawing. 

Brief Description off the Drawing 

[0007] Referring now to the drawing: 

FIG. 1 illustrates, in block diagram form, the 
arrangement of software within telecommunication 
switching system 1 00; 

FIG. 2 illustrates, in flow chart form, the steps per- 
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formed by a license server; and 
FIG. 3 illustrates, in flow chart form, steps per- 
formed by a remote database. 

Detailed Description 5 

[0008] FIG. 1 illustrates telecommunications switch- 
ing system 100 interconnected to public telephone net- 
work 104. Telecommunications switching system 100 
includes telephone sets 106-107. The features and w 
operations provided by telecommunication switching 
system 100 to telephones 106-107 and its interactions 
with public telephone network 1 04 are well known in the 
art. Control processor 1 02 executes call control applica- 
tion 1 14 via operating system 1 1 1 to perform the tele- is 
communication functions and features. Control 
processor 102 communicates with switching network 
103 via LAN 110. One skilled in the art could readily 
envision that control processor 102 could communicate 
with switching network 1 03 via a direct connection such 20 
as a connection via the processor bus of control proces- 
sor 1 02. Operating system 1 1 1 is a conventional operat- 
ing system allowing for the execution of applications 
such as call control application 114 and for the intra- 
application communication of messages. Personal com- 25 
puter (PC) 120 is utilized by service personnel to admin- 
ister telecommunication switching system 100. These 
functions of the service personnel will be described 
later. Switching network 103 provides all of the neces- 
sary telecommunication switching and interfacing that is 30 
required in telecommunication switching system 100. 
Modem 1 08 is directly connected to control processor 
102 so that control processor 102 can contact remote 
database 109 via public telephone network 104. One 
skilled in the art could readily envision that modem 108 35 
could be interconnected to control processor 102 via 
LAN 110. Similarly, remote database 109 can establish 
a communication channel with control processor 102 
via public telephone network 1 04 and modem 1 08. 
[0009] In accordance with the invention, at initializa- aq 
tion and periodically during its execution, call control 
application 1 14 sends an encrypted message to license 
server 113 via operating system 111. The encrypted 
message requests permission to run and to obtain a list 
of permitted features. The encrypted message also 45 
includes the version number for call control application 
1 14. License server 1 13 is responsive to the encrypted 
message to access license file 112. License server 113 
decrypts license file 1 1 2 in order to obtain the list of per- 
mitted features, version number of call control applica- so 
tion 114, and the serial number of control processor 
102. License server 1 13 via operating system 1 1 1 then 
reads the serial number from control processor 102. 
License server 113 then compares the serial number 
obtained from license file 112 and the serial number 55 
from control processor 102. If there is a match, license 
server 1 13 then compares the version number received 
from call control application 114 with the version 



number contained in license file 1 12. If there is a match, 
license server 1 13 transmits an encrypted message to 
call control application 114 informing it that it can run 
and the features that may execute. In addition, license 
file 112 can contain an expiration date that license 
server 113 checks to see if it has expired. If the expira- 
tion date has expired , license server 113 will not give 
call control application 1 1 4 permission to execute. Note, 
that any other applications running on telecommunica- 
tion switching system 100 can utilize the same mecha- 
nism as call control application 1 14 to determine if they 
are to be allowed to execute and what options they may 
execute. 

[0010] License file 112 must be obtained from 
remote database 1 09. Similarly, password file 1 1 6 must 
also be provided by remote database 109. Password file 
1 1 6 allows a user utilizing PC 1 20 to gain access and to 
perform certain operations with respect to telecommuni- 
cation switching system 100. An example of a common 
task that a service personnel might perform via PC 120 
would be to shut telecommunication switching system 
100 down or perform routine maintenance functions. 
Remote database 109 can initialize the downloading of 
license file 112 via public telephone network 104 and 
modem 108. When this downloading occurs, control 
processor 102 will execute system application 117 to 
properly store the license file in license file 1 12 as it is 
received from remote database 109. Similarly, control 
processor 102 can also automatically request the 
license file 1 12 from remote database 109. In addition, 
a user of PC 120 can request a copy of the license file 
by logging on to remote database 109 via public tele- 
phone network 1 04. The PC 120 then loads the license 
file into memory 101 via LAN 1 10 and control processor 
102. 

[001 1] When a request is made of remote database 
109 for a copy of the license file, remote database 109 
verifies the identify of the entity requesting the copy, 
accesses the file defining the serial number, features 
and version numbers that should be included in the 
license file and the password file, and then, transmits 
the copy of the license file to telecommunication switch- 
ing system 1 00. 

[0012] FIGS. 2 and 3 illustrate, in flowchart form, 
the steps performed by license server 113 in response 
to an encrypted message from call control application 
1 14. The receipt of the encrypted message is detected 
by block 200 which transfers control to block 201. The 
latter block reads the serial number from control proces- 
sor 102 before transferring control to decision block 
202. The latter decision block verifies that a serial 
number has been read from control processor 102. If an 
error occurs, control is transferred to block 203 which 
logs an error before transferring control to block 213. 
Block 213 formulates a message indicating that call 
control application 114 can not execute and transfers 
this to block 309 of FIG. 3 whose operation will be 
described later. Returning to decision block 202, if an 
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error has not occurred, license file 1 12 is read. Decision 
block 206 verifies that an error did not occur in the read- 
ing of license file 1 12 from memory 1 01 . If an error did 
occur, control is transferred to block 207 which logs the 
fact that an error occurred before transferring control to 5 
block 21 3. If an error did not occur, control is transferred 
to block 208 which formulates the key to be utilized in 
decrypting license file 112. One skilled in the art could 
readily envision that license file 1 1 2 could be encrypted 
with more than one key, and that block 208 would need w 
to formulate ail of the necessary keys. After license file 
112 has been decrypted, control is transferred to block 
211 which compares the serial number stored by 
license server 1 13 and the serial number read from con- 
trol processor 102. Decision block 212 determines if an 15 
error or mis-match has occurred in the comparison of 
the serial numbers. If the answer is yes, control is trans- 
ferred to decision block 213. If the answer is no in deci- 
sion block 21 2, control is transferred to block 301 of FIG. 
3. 20 
[001 3] Block 301 obtains the present date and time 
before transferring control to decision block 302. The 
latter decision block compares the present date and 
time with that read from license file 1 12 to determine if 
the execution of call control application 1 14 has expired. 25 
If the answer is yes, control is transferred to block 307 
which formulates a denial to be sent back to call control 
application 114 before transferring control to block 309. 
If the answer is no in decision block 302, control is trans- 
ferred 303 which determines the information being 30 
requested by call control application 114 before trans- 
ferring control to block 304. Block 304 decrypts the 
message that had been received call control application 
114. In particular, it verifies that the version number 
being requested by call control application 114 are 35 
allowed by the information that is in license file 112. 2. 
After performing these operations in block 304, control 
is transferred to block 306 which determines if the 
requested information and version number mis-match. 
If the answer is yes, control is transferred to block 307. 40 
[0014] If the answer is no in decision block 306, 
control is transferred to block 308 which formulates a 
response to be transmitted to call control application 
114 informing it of the features that it may execute 
before controi is transferred to block 309. Block 309, 45 
encrypts the various messages received either from 
block 213, block 308, or block 307 before transferring 
control to block 31 1 . Block 31 1 transmits the encrypted 
message to call control application 114 via operating 
system 111. so 

Claims 

1. A method for protecting actuation of a plurality of 

features and a plurality of controlled applications, 55 3. 
comprising the steps of: 

sending (200) a first message to a license 



server, by one of the plurality of controlled 
applications, requesting permission to continue 
execution and identification of ones of the plu- 
rality of features that are to be provide by the 
one of the plurality of controlled applications; 
CHARACTERIZED BY 

obtaining (201), by the license server, a first 
serial number of a processor on which both the 
license server and the one of the plurality of 
controlled applications are executing; 
accessing (204), by the license server, a 
license file to obtain a second serial number of 
a processor on which the one of the plurality of 
controlled applications is allowed to execute 
and identification of an allowed set of the plu- 
rality of features that the one of the plurality of 
controlled applications is to provide; 
comparing (21 1 ), by the license server, the first 
serial number with second serial number; 
transmitting (308), by the license server, a sec- 
ond message to the one of the plurality of con- 
trolled applications indicating that the one of 
the plurality of controlled applications can con- 
tinue execution and including identification of 
the allowed set of the plurality of features upon 
the first serial number and second serial 
number being equal; 

continuing execution (114), by the one of plu- 
rality of the controlled applications, in response 
to the second message; and 
providing (1 14) the allowed set of the plurality 
of features in response to the second message 
by the one of the plurality of controlled applica- 
tions. 

The method of claim 1 wherein the step of sending 
comprises the step of including a first version 
number of the one of the plurality of controlled 
applications in the first message; 

the step of accessing comprises the step of 
reading a second version number from the 
license file of a set of the plurality of controlled 
applications that are allowed to execute on the 
processor defined by the first serial number; 
the step of comparing further compares the 
first version number with the second version 
number; and 

the step of transmitting further transmits the 
second message upon the first serial number 
and second serial number being equal and the 
first version number and the second version 
number being equal. 

The method of claim 2 wherein the license file is 
encrypted and the step of accessing further com- 
prises the step of decrypting the license file. 
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4. The method of claim 3 wherein the first message is 
encrypted and the step of obtaining further com- 
prises the step of decrypting the first message. 

5. The method of claim 4 wherein the first and second s 
messages are communicated via an operating sys- 
tem. 

6. The method of claim 3 wherein the second mes- 
sage is encrypted and the step of continuing excu- w 
tion comprises the step of decrypting the second 
message. 

7. The method of claim 6 wherein the first and second 
messages are communicated via an operating sys- 15 
tern. 

8. The method of claim 1 wherein the step of transmit- 
ting further transmits a third message to the one of 
the plurality of controlled applications indicating that 20 
the one of the plurality of controlled applications 
should cease execution upon the first serial number 
and second serial number not being equal. 

9. The method of claim 8 further comprises the step of 25 
ceasing execution, by the one of the plurality of con- 
trolled applications, upon receipt of the third mes- 
sage. 

10. Apparatus for protecting actuation of a plurality of 20 
features and a plurality of controlled applications, 
comprising means adapted to carry out the steps of 

a method as claimed in any of the preceding claims. 
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